Idea: Request permissions/roles? #5
Comments
Thanks for the feedback!
Yeah, something like what you described. But it's not necessary that User 2 needs to be an owner of a project. It can probably be any email address.
OK, I think I get it. That was actually our initial design, but we realized it would be more work to implement. We implemented it in a hack day, so since we only had 1 working day we decided to cut it out. Maybe next time I take another hack day dedicated to working on this, I'll implement that.
Sounds cool! Thanks for your help :)
That would be awesome!
Has any work been done on Gimme since then? Is Spotify using this system in production, or, how else is privilege escalation moderated right now? We also want this request capability and we're considering using Gimme if it can do this, but if there are other concerns about using this in prod I'd also want to know about those. If you're using it in prod with the current codebase, then it seems reasonable that we could collaborate to add this functionality to Gimme.
Hey guys,
It'd be great if we can have the ability for any GCP user to "Request" IAM permissions, i.e., user A requests permissions xyz, and user B (who has IAM admin permissions) grants that. As part of the "grant" it will automatically proceed with giving the permissions to that user, the same way gimme is doing right now.
Basically, a single approver workflow.
I'm also considering alternatives such as using Terraform as an idempotent source of truth for IAM policies, using GitOps for self-service permissions management (pull requests on git approved by someone with authority). However, if a single approver workflow could be implemented in this tool, that would be a much better UX than having to create git commits for people who don't know git, for example.
What do you think?
I just want to say that this is a very useful project. I look forward to seeing this developed further!
Cheers,
jam